NextCloud built in CODE server for Collabora does not work with reverse proxy (caddy) in docker environment

Hey! Thanks in advance to anyone volunteering to help me with this matter - I hope you have a great day!

Whenever I try to open anything office-related (docx, xlsx, etc.), it hangs up on loading and never loads. I am using a Docker image for Nextcloud and a Caddy instance to handle the HTTP and HTTPS requests.

I’ve already mounted the config.php, edited it, and changed its ownership, but it still doesn’t load. Here is the config.php:

<?php
$CONFIG = array (
  'htaccess.RewriteBase' => '/',
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/html/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 =>
    array (
      'path' => '/var/www/html/custom_apps',
      'url' => '/custom_apps',
      'writable' => true,
    ),
  ),
  'upgrade.disable-web' => true,
  'instanceid' => '>>>redacted by wwe<<<',
  'passwordsalt' => '>>>redacted by wwe<<<',
  'secret' => >>>redacted by wwe<<<',
  'trusted_domains' =>
  array (
    0 => 'nextcloud.staffconnect.agency',
  ),
  'datadirectory' => '/var/www/html/data',
  'dbtype' => 'mysql',
  'version' => '28.0.3.2',
  'overwrite.cli.url' => 'https://nextcloud.staffconnect.agency',
  'dbname' => 'nextcloud',
  'dbhost' => 'nextcloud_db',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'nextcloud',
  'dbpassword' => 'nextcloud',
  'installed' => true,


  'overwritehost' => 'nextcloud.staffconnect.agency',
  'overwriteprotocol' => 'https',
  'overwritewebroot' => '/',
  'overwritecondaddr' => '^172.18.0.5$', // IP-Adresse Ihres Caddy-Servers
  'trusted_proxies' => ['172.18.0.5'], // IP-Adresse Ihres Caddy-Servers
  'maintenance_window' => [
    'day' => 'Sunday', // Optional: Anpassen nach Bedarf
    'time' => '02:00:00', // Optional: Anpassen nach Bedarf
    'duration' => 60, // Optional: Anpassen nach Bedarf
  ],
);

Here is the Caddyfile:

freepbx.staffconnect.agency {
        reverse_proxy host.docker.internal:50000
}

docuseal.staffconnect.agency {
        reverse_proxy app:3000
}

traggo.staffconnect.agency {
        reverse_proxy docuseal_traggo_1:3030
}

nextcloud.staffconnect.agency {
  reverse_proxy docuseal_nextcloud_1:80 {

        header_up Host {host}
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Port {server_port}
        header_up X-Forwarded-Proto {scheme}

  }
  header Strict-Transport-Security "max-age=31536000;"

  redir /.well-known/carddav /remote.php/dav 301
  redir /.well-known/caldav /remote.php/dav 301
}

and for good measure here is the docker-compose.yml

version: '3'

services:
  app:
    depends_on:
      postgres:
        condition: service_healthy
    image: docuseal/docuseal:latest
    ports:
      - 3000:3000
    volumes:
      - .:/data
    environment:
      FORCE_SSL: 'true'
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/docuseal

  postgres:
    image: postgres:15
    volumes:
      - './pg_data:/var/lib/postgresql/data'
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD:  <redacted>
      POSTGRES_DB: docuseal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5

  caddy:
    image: caddy:latest
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - ./data:/data
      - ./config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    environment:
      - HOST=docuseal.staffconnect.agency
     # - CADDY_HTTP_TIMEOUT=30s     # Adjust the HTTP timeout as needed
     # - CADDY_READ_TIMEOUT=30s     # Adjust the read timeout as needed
     # - CADDY_WRITE_TIMEOUT=30s
    extra_hosts:
      - "host.docker.internal:host-gateway"

  traggo:
    image: traggo/server:latest
    ports:
      - 3030:3030
    environment:
      TRAGGO_DEFAULT_USER_NAME: <redacted>
      TRAGGO_DEFAULT_USER_PASS:  <redacted>
    volumes:
      - ./traggodata:/opt/traggo/data
 nextcloud_db:
    image: mariadb:10
    volumes:
      - nextcloud_db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD= <redacted>
      - MYSQL_PASSWORD= <redacted>
      - MYSQL_DATABASE= <redacted>
      - MYSQL_USER= <redacted>

  # Nextcloud
  nextcloud:
    image: nextcloud:latest
    volumes:
      - nextcloud_data:/var/www/html
      - ./config.php:/var/www/html/config/config.php
    depends_on:
      - nextcloud_db
    environment:
      - MYSQL_HOST=nextcloud_db
      - MYSQL_USER=nextcloud
      - MYSQL_PASSWORD= <redacted>
      - MYSQL_DATABASE=nextcloud

volumes:
  pg_data:
  nextcloud_db:
  nextcloud_data:

Maybe the answer is a really simple one, but I can’t see the forest for the trees because I’ve been sitting on it for so long. Thanks in advance!

Are you using the Built-in CODE app or a dedicated CODE deployment?

What appears in your Nextcloud log when opening an office file?

I wouldnt know what the difference would be. Maybe you can explain it?

I tried to generate some errors for the NextCloud Protocol but it only shows the fails from yesterday.

WhatsApp Image 2024-03-25 at 18.50.02_c09c30ff1308×534 85.1 KB

Bump … still havent figured it out^^

Okay the solution for me was to create a seperate Collabora instance with its own subdomain and configure it in the following way in my

docker-compose.yml

file (Caddyfile reverse proxys to the new subdomain I specifically created):

version: '3'

services:
  app:
    depends_on:
      postgres:
        condition: service_healthy
    image: docuseal/docuseal:latest
    ports:
      - 3000:3000
    volumes:
      - .:/data
    environment:
      FORCE_SSL: 'true'
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/docuseal

  postgres:
    image: postgres:15
    volumes:
      - './pg_data:/var/lib/postgresql/data'
    environment:
      POSTGRES_USER: <redacted>
      POSTGRES_PASSWORD: <redacted>
      POSTGRES_DB: <redacted>
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 5s
      timeout: 5s
      retries: 5

  caddy:
    image: caddy:latest
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - ./data:/data
      - ./config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    environment:
      - HOST=docuseal.staffconnect.agency
     # - CADDY_HTTP_TIMEOUT=30s     # Adjust the HTTP timeout as needed
     # - CADDY_READ_TIMEOUT=30s     # Adjust the read timeout as needed
     # - CADDY_WRITE_TIMEOUT=30s
    extra_hosts:
      - "host.docker.internal:host-gateway"

  traggo:
    image: traggo/server:latest
    ports:
      - 3030:3030
    environment:
      TRAGGO_DEFAULT_USER_NAME: <redacted>
      TRAGGO_DEFAULT_USER_PASS: <redacted>
    volumes:
      - ./traggodata:/opt/traggo/data

  nextcloud_db:
    image: mariadb:10
    volumes:
      - nextcloud_db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=<redacted>
      - MYSQL_PASSWORD=<redacted>
      - MYSQL_DATABASE=<redacted>
      - MYSQL_USER=<redacted>

  # Nextcloud
  nextcloud:
    image: nextcloud:latest
    volumes:
      - nextcloud_data:/var/www/html
      - ./config.php:/var/www/html/config/config.php
    depends_on:
      - nextcloud_db
    environment:
      - MYSQL_HOST=<redacted>
      - MYSQL_USER=<redacted>
      - MYSQL_PASSWORD=<redacted>
      - MYSQL_DATABASE=<redacted>

  collabora:
    image: collabora/code
    container_name: collabora_code
    privileged: true
    ports:
      - 9980:9980
    environment:
      - domain=collabora\\.staffconnect\\.agency
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true
    cap_add:
      - MKNOD

volumes:
  pg_data:
  nextcloud_db:
  nextcloud_data:

Specifically important is the line:

 - extra_params=--o:ssl.enable=false --o:ssl.termination=true

Because Collabora does NOT accept http traffic, which is exactly what it gets over a reverse proxy with caddy. I hope this helps someone.